Phase 7: af_packet (CVE-2017-7308) + FUSE legacy (CVE-2022-0185)

Two more famous LPEs broadening 'THE tool' coverage:

af_packet CVE-2017-7308 (Andrey Konovalov, Mar 2017):
- AF_PACKET TPACKET_V3 ring setup integer overflow → heap write-where
- Fills 2017 coverage gap
- kernel_range: 3.18.49 / 4.4.57 / 4.9.18 / 4.10.6 / mainline 4.11+
- Needs CAP_NET_RAW via user_ns clone
- Famous as the canonical 'userns + AF_PACKET → root' research-era LPE

fuse_legacy CVE-2022-0185 (William Liu / Crusaders-of-Rust, Jan 2022):
- legacy_parse_param fsconfig heap OOB → cross-cache UAF → root
- **Container-escape angle** — relevant to rootless docker/podman/snap
  (the system admin persona's nightmare)
- kernel_range: 5.4.171 / 5.10.91 / 5.15.14 / 5.16.2 / mainline 5.17+
- Needs user_ns + mount_ns to reach legacy_load() code path
- Originally reported as FUSE-specific but actually applies to any
  fs-mount path from userns (cgroup2, etc.)

Both detect-only initially; full exploits in follow-ups.

Coverage by year now:
  2016: dirty_cow                                  🟢
  2017: af_packet                                  🔵
  2019: ptrace_traceme                             🔵
  2021: pwnkit, overlayfs, netfilter_xtcompat      🟢/🟢/🔵
  2022: dirty_pipe, cls_route4, fuse_legacy        🟢/🔵/🔵
  2023: entrybleed                                 🟢
  2024: nf_tables                                  🔵
  2026: copy_fail family (×5)                      🟢

16 modules total. Build clean. Scan on kctf-mgr: 11 OK / 5 VULNERABLE.

core/registry.h

@@ -30,5 +30,7 @@ void iamroot_register_cls_route4(void);
 void iamroot_register_dirty_cow(void);
 void iamroot_register_ptrace_traceme(void);
 void iamroot_register_netfilter_xtcompat(void);
+void iamroot_register_af_packet(void);
+void iamroot_register_fuse_legacy(void);
 
 #endif /* IAMROOT_REGISTRY_H */